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[57] ABSTRACT 

A method is disclosed for improving portability of secure 
encryption key data files. The method provides for 
re -securing key data files according to different security 
processes for mobility. For porting an encryption key 
secured using a fingerprint authentication process to a sys- 
tem having only a password authentication process, a user 
selects password authentication process, provides a finger- 
print and is authorised, provides a new password and then 
the encryption key is accessed according to the fingerprint 
authentication process and secured according to the pass- 
word authentication process. This allows the use of specia- 
lised security hardware at one location while retaining an 
ability to transport encryption keys in a secure fashion to 
other locations, which do not have similar security hard- 
ware. 

17 Claims, 7 Drawing Sheets 
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METHOD OF SECURING A 
CRYPTOGRAPHIC KEY 

FIELD OF THE INVENTION 

This invention relates generally to identification of indi- S 
viduals and more particularly relates to a method of selec- 
tively securing a key database for provision to other users or 
for transporting the key database. 

BACKGROUND OF THE INVENTION 10 

Computer security is fast becoming an important issue. 
With the proliferation of computers and computer networks 
into all aspects of business and daily life — financial, 
medical, education, government, and communications — the 15 
concern over secure file access is growing. Using passwords 
is a common method of providing security. Password pro- 
tection and/or combination type locks are employed for 
computer network security, automatic teller machines, tele- 
phone banking, calling cards, telephone answering services, 20 
houses, and safes. These systems generally require the 
knowledge of an entry code that has been selected by a user 
or has been preset. 

Preset codes are often forgotten, as users have no reliable 
method of remembering them. Writing down the codes and 15 
storing them in close proximity to an access control device 
(i.e. the combination lock) results in a secure access control 
system with a very insecure code. Alternatively, the nuisance 
of trying several code variations renders the access control 
system more of a problem than a solution. 30 

Password systems are known to suffer from other disad- 
vantages. Usually, passwords are specified by a user. Most 
users, being unsophisticated users of security systems, 
choose passwords that are relatively insecure. As such, many 
systems protected by passwords are easily accessed through 35 
a simple trial and error process. 

A security access system that provides substantially 
secure access and does not require a password or access code 
is a biometric identification system. A biometric identifica- AQ 
tion system accepts unique biometric information from a 
user and identifies the user by matching the information 
against information belonging to registered users of the 
system. One such biometric identification system is a fin- 
gerprint recognition system. 

In a fingerprint input transducer or sensor, the finger under 
investigation is usually pressed against aflat surface, such as 
a side of a glass plate; the ridge and valley pattern of the 
finger tip is sensed by a sensing means such as an interro- 
gating light beam. 50 

Various optical devices are known which employ prisms 
upon which a finger whose print is to be identified is placed. 
The prism has a first surface upon which a finger is placed, 
a second surface disposed at an acute angle to the first 
surface though which the fingerprint is viewed and a third 55 
illumination surface through which light is directed into the 
prism. In some cases, the illumination surface is at an acute 
angle to the first surface, as seen for example, in U.S. Pat. 
Nos. 5,187,482 and 5,187,748. In other cases, the illumina- 
tion surface is parallel to the first surface, as seen for $o 
example, in U.S. Pat. Nos. 5,109,427 and 5,233,404. Fin- 
gerprint identification devices of this nature are generally 
used to control the building-access or information-access of 
individuals to buildings, rooms, find devices such as com- 
puier terminals. 65 

U.S. Pat. No. 4,353,056 in the name of Tsikos issued Oct, 
5, 1982, discloses an alternative kind of fingerprint sensor 
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that uses a capaciiive sensing approach. The described 
sensor has a two dimensional, row and column, array of 
capacitors, each comprising a pair of spaced electrodes, 
carried in a sensing member and covered by an insulating 
film. The sensors rely upon deformation to the sensing 
member caused by a finger being placed thereon so as to 
vary locally the spacing between capacitor electrodes, 
according to the ridge/trough pattern of the fingerprint, and 
hence, the capacitance of the capacitors. In one arrangement, 
the capacitors of each column are connected in series with 
the columns of capacitors connected in parallel and a voltage 
is applied across the colunms. In another arrangement, a 
voltage is applied to each individual capacitor in the array. 
Sensing in the respective two arrangements is accomplished 
by detecting the change of voltage distribution in the series 
connected capacitors or by measuring the voltage values of 
the individual capacitances resulting from local deforma- 
tion. To achieve this, an individual connection is required 
from the detection circuit to each capacitor. 

Before the advent of computers and imaging devices, 
research was conducted into fingerprint characterisation and 
identification. Today, much of the research focus in biomet- 
rics has been directed toward improving the input transducer 
and the quality of the biometric input data. Fingerprint 
characterisation is well known and can involve many aspects 
of fingerprint analysis. The analysis of fingerprints is dis- 
cussed in the following references, which are hereby incor- 
porated by reference: 

Xiao Qinghan and Bian Zhaoqi,: An approach to Finger- 
print Identification By Using the Attributes of Feature 
Lines of Fingerprint," IEEE Pattern Recognition, pp 
663, 1986; 

C. B. Shelman, "Fingerprint Classification — Theory and 
Application," Proc. 76 Carnahan Conference on Elec- 
tronic Crime Countermeasures, 1976; 

Feri Pernus, Stanko Kovacic, and Ludvik Gyergyek, 
"Minutaie Based Fingerprint Registration," IEEE Pat- 
tern Recognition, pp 1380, 1980; 

J. A. Ratkovic, F. W. Blackwell, and H. H. Bailey, 
"Concepts for a Next Generation Automated Finger- 
print System," Proc. 78 Carnahan Conference on Elec- 
tronic Crime Countermeasures, 1978; 

K. Millard, "An approach to the Automatic Retrieval of 
Latent Fingerprints/' Proc. 75 Carnahan Conference on 
Electronic Crime Countermeasures, 1975; 

Moayer and K. S. Fu, "A Syntactic Approach to Finger- 
print Pattern Recognition," Memo Np. 73-18, Purdue 
University, School of Electrical Engineering, 1973, 

Wegstein, An Automated Fingerprint Identification 
System, NBS special publication, U.S. Department of 
Commerce/National Bureau of Standards, ISSN 0083- 
1883; no. 500-89, 1982; 

Moenssens, Andre A., Fingerprint Techniques, Chilton 
Book Co., 1971; and, 

Wegstein and J. F. Raflerty, The LX39 Latent Fingerprint 
Matcher, NBS special publication, U.S. Department of 
Commerce/National Bureau of Standards; no. 500-36, 
1978. 

Though biometric authentication is a secure means of 
identifying a user, it is difficult to derive encryption keys 
from the information. In the first place, the information is 
different each time it is presented to a biometric information 
input device. Secondly, the biometric information is retriev- 
able through, for example, extraction of latent fingerprints. 
When an encryption key is derived directly from biometric 
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information, the extraction of latent biometric information in a key data file and a secured key for decrypting the 

or the interception of biometric information may allow cryptographic key wherein the secured key is stored in a 

others to derive the encryption key. Thirdly, since some secured fashion, a method of securing the secured key 

biometric information is substantially unchanging, it is not comprising the steps of: 

well suited to encryption because once an encryption key is 5 a ) accessing stored data associated with the secured key 
broken, it's use should be discontinued; however, changing the data indicative of an access method from a plurality 
the biometric information on demand is a difficult procedure. of access methods for accessing the secured key- 
In order to overcome this problem, key management sys- b) executing the indicated access method to accei the 
terns exist wherein a plurality of keys are stored in a secure secured key- 
key database. A user authentication, such as a biometric c) selecti a mcthod from the f h ^ f 
authentication, is used to access the secure key database. ; -„ t . _ , /. y lul 
Often the database is encrypted with a key that J accessible A SCCUnng ^ * CCt ^ Sccurcd ^ 
through user authentication. d ) secunn S thc accessed secured key according to the 

Key management systems are well known. One such selected access method; and, 

system, by Entrust® Technologies Limited is currently e ) st °ring data associated with the secured key, the data 

commercially available. Unfortunately, current key manage- 15 indicative of the selected access method, 

ment systems are designed for installation on a single In an embodiment, the key is secured by providing user 

computer and for portability between computers having a authentication information; deriving from the user authen- 

same configuration. As such, implementation of enhanced tication information a second cryptographic key; encrypting 

security through installation of biometric input devices is me accessed secured key using the second cryptographic 

costly and greatly limits portability of key databases. 20 key; and the secured key is accessed by the steps of: 

Alternatively, password based protection of key databases is providing user authentication information; 

undesirable because of the inherent insecure nature of most deriving from the user authentication information a third 

user selected passwords. cryptographic key; and, 

For example, when using Entrust® software to protect a decrypting the secured key using the third cryptographic 

key database, the database is portable on a smart card or on 25 key. 

a floppy disk. The portable key database is a duplicate of the In accordance with the invention there is provided a 

existing key database. User authentication for the portable method of accessing a secured cryptographic key compris- 

key database is identical to that of the original key database. ing the steps of: 

The implications of this are insignificant when password a ) accessing data associated with the secured crypto- 
user authentication is employed; however, when biometric 30 gra phic key to determine an authorisation method nec- 
user authentication such as retinal scanning or fingerprint essary to access the secured cryptographic key- 
identification are used, the appropriate biometric identifica- b) p roviding user authorisation information; 

tion system is required at each lofcation wherein the portable \ j . * j iL . , , 

i I * u ■ j tt r - * i ■ r< L c ) executing the determined authorisation method to 

key database is used. Unfortunate lv, this is often not the tU A t . • , . . 

j A . ..... . . , « access the secured cryptographic key based on the user 

case. In order to avoid this problem, organisations employ 35 *u • <■ • c a a 

j iL ..j.ll j v u authorisation information provided. 

password access throughout and thereby reduce overall r „ . * ( . • 5 tU - e . , , 

security to facilitate portability. In accordance wUh the myenUon there is farther prov.ded 

A1t 4 * . . e • * a method or securing portable key data including encryption 

Alternauyely . members of an organisation are not permit- key information comprising the steps of: 

ted to travel with portable key databases and thereby have \ , - , . . 

reduced mobility and are capable of performing fewer tasks « a) Sel ? ctlng a first auth ° nsat >°n 9™*? f™» » Polity of 

while outside the office. This effectively counters many of ^J 0 " 53 ' 10 " P rocesses for secunn g the P ortable ke y 

the benefits available in the information age. ' 

It is presently known that a key database, once created, b > authenticating access to the secured portable key data 

should never be decrypted, except during emergencies. This according to a different authorisation process, remov- 

thinking prevents keys from becoming vulnerable by exist- 45 in S the sec unty from the portable key data, and imple- 

ing in their decrypted state. The common practice of never mentmg security of the portable key data according to 

decrypting key databases enhances security of the keys the firet autnonsatl °n process, 

themselves, but does little to enhance overall system secu- 11 ls an advanta ge of the present invention that a key data 

rity. It would, however, be advantageous to enhance system file ls P ortable between systems having different user 

security by providing secure key databases that do not 50 authe ntication hardware and methods therein wherein some 

impede portability of the key database. are common to a plurality of systems. 

OBJECT OF THE INVENTION BRIEF DESCRIPTION OF THE DRAWINGS 

In an attempt to overcome these and other limitations of M exem P Iarv embodiment of the invention will now be 

the prior art, it is an object of this invention to provide a 55 descnbed in conjunction with the attached drawings, in 

method of generating secure key databases that is portable to which. 

systems having different configurations. FIG - 1 ^ a flow diagram of a prior art method of accessing 

It is a further object of the invention to provide a method cryptographic keys; 

of selecting a user authentication method from a plurality of FIG - 2 ^ a flow diagram of a prior art method of accessing 

user authorisation methods for use in securing a key data 60 cryptographic keys; 

file. FIG- 3 is a flow diagram of a method of accessing a 

It is a further object of thc invention to provide a method cryptographic key and securing the cryptographic key 

of securing a key database with multiple security methods. according to a selected authentication process according to 

the invention; 

SUMMARY OF THE INVENTION « c T p a ■ a A - f tU A , 

65 riO. 4 is a now diagram of a method of securing a secured 

In accordance with the invention there Ls provided for a cryptographic key according to a selected authentication 

system comprising a cryptographic key encrypted and stored process according to the invention; 
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FIG. 5 is a How diagram of a method of securing a secured verified, access to the cryptographic key is permitted and 

cryptographic key according to a plurality of selected encrypted data files are accessible. One such method is to 

authentication processes according to the invention; employ the password or a predetermined portion thereof as 

FIG. 6 is a flow diagram of a method of securing portable a kev fo . r encrypting the cryptographic key. Another such 

key data including encryption key information, according to 5 method is providing access to a secured key upon verifica- 

the invention; and, uon °f lne password and using the secured key to access the 

rir *7 .v ' a' A:„„ nm „ „ Q ,u a r • cryptographic kev. As is evident to those of skill in the art, 

MG. 7 is a now diagram or another method of secunne * i , " i ^, . , 

portable key data including encryption key information, ton i vemiona kc V < lala ^ ««> n °' be transferred rom a 

according to the invention. s y s,em em P °V^ a su * th *< ' X ' t0 a 

]0 system employing a different method, such as that of FIG. 2. 

DETAILED DESCRIPTION Because of this, prior art systems are used in a less than 

_ , „ optimally secure fashion wherein a single user authentica- 

The invention is described with respect to finger print lion syslem in lhc form of passwords ± used . Alternatively, 

registration. The method of this invention is applicable to transportability is reduced where biometric user authentica- 

other biometric verification processes as is ev.dent to those tion is conductcd . Optionally, the key data file is stored on 



a floppy disk, a CD-ROM or another data transport mecha- 



of skill in the art. 

One of the many problems with a fingerprint biometric is nism. Preferably, the key data file is not communicated using 

that a special contact-imaging device is required to image a unsecured electronic communications such as electronic 

fingerprint. Today, many systems and, in particular, many mail over the Internet. 

personal computers are not equipped with a contact imaging 2Q Referring to FIG. 3 and in accordance with the invention, 

device. It is well known to outfit a network of systems with a method ^ prov ided allowing porting of encryption key 

biometric imaging devices in order to overcome these limi- data bctween systems supporting different user authorisation 

tations. Unfortunately, for those who travel on business and methods wherein at least a method is common between the 

need access to encrypted email, such a solution is not systems . Accordingly, a user re-secures a key data file 

possible. Another known solution is to travel with a portable , s comprising a cryptographic key for porting to another sys- 

contact-imaging device. Unfortunately, installation of spe- tem . User authentication occurs and the cryptographic key is 

cial software and additional hardware expense is commonly accessed. The user then selects an authentication method in 

required thereby rendering such an approach impractical. lhc form 0 f a biometric authentication method such as a 

According to the invention, a method is proposed for secur- fingerprint, a voiceprint, a face, a palm print, a retinal scan, 

ing encryption key data in accordance with anticipated 3Q and so f orth; a password; a physical key; etc. The authen- 

hardware and security level required. lication mclhod ^ from a polity of available 

Referring to FIG. 1, a prior art method of accessing authentication methods. The user is authenticated according 

secured data is shown for use in a network comprising a to the selected method and the accessed cryptographic key 

plurality of computers each having a biometric imaging is secured according to that method. The secured crypto- 

means. Akey data file comprises a cryptographic key, which 35 graphic key is stored in the key data file with data relating 

is secured using a biometric authentication method. Accord- to the selected authorisation method. Optionally, the data 

ing to the method, biometric authentication is required to relating to the selected authorisation method is stored in a 

access the cryptographic key. For example, the crypto- separate location. Further optionally, the secured key data 

graphic key is encrypted using a key secured by the bio- and the data relating to the selected authorisation method is 

metric information. Upon presentation of appropriate bio- d0 all stored on a smart card for transport, the key data file on 

metric information, the secured key is accessed, the the system remaining unchanged. One method of securing 

cryptographic key is decrypted, and the cryptographic key the cryptographic key is to encrypt it using a further cryp- 

used to encrypt or decrypt data files. Of course, other tographic key. The further cryptographic key is often in the 

methods of securing cryptographic keys using biometric form of a secured key, which is accessible through user 

authentication are also applicable. For example, key loca- 45 authorisation. Alternatively, the further cryptographic key is 

tions may be determined by the user authentication process. extracted or partially extracted from user authorisation infor- 

Because a key data file is transportable, an encrypted data mation provided by a user according to the user authorisa- 

file is transportable with the key data file — necessary to tion method employed. For example, a further cryptographic 

access the encrypted data file — to another computer system. key may be derived from a password, from relative distances 

Unfortunately, the other computer system must have a same 50 between specific features in a fingerprint, or from data stored 

biometric authentication process in order to provide access in the key data file combined with user provided informa- 

to the key data file. For example, when the second computer tion. 

has no biometric information input device, the user autho- Since the data relating to the selected authorisation 

risation method for accessing the secured key can not be method is stored associated with the key data, accessing the 

executed and he secured key is not accessible. Without the ss cryptographic key on another system becomes a straightfor- 

secured key, the encrypted cryptographic key data can not be ward task. The key data file or files are provided to the other 

accessed when desired. Alternatively, a method of extracting system. The system accesses the data relating to the selected 

the keys from the key data file absent user authentication is authorisation method and determines whether or not it has 

necessary. Such a method is not desirable since it greatly support for the selected authorisation method. When support 

reduces security. 60 is not present, a user is informed that the key data file is 

Referring to FIG. 2, a prior art method of accessing inaccessible. When support exists, the authorisation method 

secured data for use in a home system having a smart card is run to authenticate the user and thereby provide access to 

reader but absent a biometric imaging means is shown. Here, the cryptographic key. Of course, the authorisation method 

a password or card based user authentication is employed. A may be run at a later time, for example when the user 

smart card having a key data file stored therein is placed into 65 requests access to encrypted data. 

a smart card reader. A user is prompted for user authenti- Referring to FIG. 4 and in accordance with the invention, 

cation in the form of a password. Once the password is a method is provided for copying or porting encryption key 
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data from a system 10 another system; the method has 
enhanced security over prior art methods. In order to accom- 
plish this, a user selects an authentication method in the form 
of a biometric authentication method such as a fingerprint, 
a voiceprint, facial features, a palm print, a retinal scan, and 5 
so forth; a password; or a key. The authentication method is 
selected from a plurality of available authentication meth- 
ods. The user is authenticated according to the selected 
method and the secured cryptographic key is secured 
according to that method. The twice -secured cryptographic 10 
key is stored in the key data file with data relating to the 
selected authorisation methods and an order of the securing 
operations. This allows for multiple user authentication 
based protection of key data files. For example, such a 
system is applicable in increasing security by providing for 15 
password and biometric security. Also, the method is also 
useful to prevent access by an individual in a group of 
individuals absent all members of the group. This is accom- 
plished be securing the cryptographic key data with a user 
authentication of each individual in the group; only when all 2Q 
individuals are authenticated, will the key data be accessible. 
Alternatively, the data relating to the selected authorisation 
method is stored in a separate location. Optionally, the 
secured key data and the data relating to the selected 
authorisation method is all stored on a smart card for 75 
transport, the key data file on the system remaining 
unchanged. 

Referring to FIG. 5, a method is provided to secure 
encryption key data. Accordingly, a user determines to 
secure a key data file comprising a secured cryptographic 30 
key. The user selects an authentication method in the form 
of a biometric authentication method such as a fingerprint, 
a voiceprint, a face, a palm print, a retinal scan, and so forth. 
Alternatively, another authentication method such as a pass- 
word or a physical key is selected. The authentication 35 
method is selected from a plurality of available authentica- 
tion methods available to the user. The user is authenticated 
according to the selected method and the secured crypto- 
graphic key is secured again according to that method. The 
secured cryptographic key is stored in the key data file with 40 
data relating to the selected authorisation methods and an 
order of securing operations. The user then selects a further 
authentication method and the key data is again secured and 
so forth. Each user authorisation is temporarily stored. The 
user is also authorised to access the key data as secured prior 45 
to application of the method shown in FIG. 5. The key data 
is then accessed and secured in each permutation of the 
selected methods. In the example of FIG. 5, this involves 
securing the key data according to method (1, 2, 3) (1, 3, 2) 
(2, 1,3) (2, 3, 1) (3, 1, 2) (3, 2, 1), in six different forms. The 50 
resulting data is accessible by providing, in any order, the 
three appropriate user authentication information samples. 

Alternatively, a same result is provided by modifying the 
cryptographic key access routine to store each user autho- 
risation result temporarily and then to execute same in an 55 
appropriate order. Here, a user executes a plurality of user 
authorisation methods in any order. The system applies each 
method or results therefrom in an appropriate order to access 
the cryptographic keys. When no order is stored with the 
data relating to authorisation methods, the application of 60 
each method or results therefrom is performed in every 
possible permutation. Of course, when such is the case, a 
checksum or other method of verifying that a cryptographic 
key is properly accessed is necessary. 

In accordance with the invention, a method is provided to 65 
provide secure access to encrypted data by each of a 
plurality of people. Accordingly, a user determines to secure 
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a key data file comprising a secured cryptographic key. The 
user is authenticated and the cryptographic key is accessed. 
The user selects an authentication method in the form of a 
biometric authentication method such as a fingerprint, a 
voiceprint, a face, a palm print, a retinal scan, and so forth; 
a password; or a key. The authentication method is selected 
from a plurality of available authentication methods. 
Another user is authenticated according to the selected 
method and the secured cryptographic key is secured 
according to that method. The secured cryptographic key is 
stored in a second other key data file with data relating to the 
selected authorisation method. Alternatively, the key data is 
stored in a same file along with the previous secure key data. 
This allows for user authentication of any of a plurality of 
individuals providing access to same key data. 

In some systems, a key data server comprises secure key 
data for a plurality of cryptographic keys. Using such a 
system and prior to travel, a user requests packaging of some 
keys for transport. The keys are packaged on a non-volatile 
memory device in the form of a smart card, a floppy disk, a 
PCMCIA card, a dongle, or another similar device. Prior to 
packaging the keys are secured according to a user selected 
authorisation method. The key server accesses the key data 
and then secures it according to the selected method and 
stores the resultant key data file and data indicative of the 
selected method in the non-volatile memory device. 

According to an embodiment the data indicative of a user 
authorisation method comprises a sequence of bytes includ- 
ing a length for indicating, one of the data length and the 
number of authentication methods employed to secure the 
key data and an indicator of a user authentication method 
comprising a number, for example 2 bytes, unique to each 
available method. Typically two bytes are used to identify 
the method selected thereby allowing for over 65,000 dif- 
ferent user authentication methods. This permits the imple- 
mentation of variations on user authentication methods to 
increase the difficulty of breaking the security of the key 
data. Preferably only a single byte is used to indicate data 
length as it is obvious to those in the art that requiring 
application of more than 1 28 methods of user authentication 
in order to access key data renders such a system inconve- 
nient. Of course, when desired, such a configuration can be 
implemented without difficulty. 

A plurality of methods of securing the cryptographic keys 
is known. For example, a password authorisation method is 
used. The password is hashed according to a known algo- 
rithm to create a 64-bit code. The code is then used accord- 
ing to known encryption algorithms, to encrypt the crypto- 
graphic key. Alternatively, the code is used to encrypt a key, 
which is used to encrypt the cryptographic key. The use of 
another key — a secured key — to encrypt the cryptographic 
key data allows for more robust key selection for this task. 
Further, selection of such a key minimises a number of tines 
or fashions in which a cryptographic key is accessible within 
a system. It is preferable to access and re -secure a secured 
key once removed from the secured cryptographic keys, than 
to repeatedly access and re-secure the cryptographic keys, 
themselves. Alternatively, a biometric information sample in 
the form of a fingerprint is provided. A central location of the 
fingerprint is calculated. Distances between the centre and 
some closest features are determined. The results are used to 
generate a multi-bit encryption key. Alternatively, the results 
are used to scramble, hide, unlock, or arithmetically obscure 
the secured key or, when a secured key is not used, the 
cryptographic key. Of course, many different fingerprint 
analysis methods may be employed, each having a unique 
authorisation method identifier. Therefore, provision of a 
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fingerprint is not indicative of the biometric authorisation deriving from the user authentication information a 

method whereas the authorisation method is indicative of second cryptographic key; and 

necessary user input. Similarly, many methods of extracting encrypting the accessed secured key using the second 

a key from a password are known and, according to the cryptographic key 

present invention, those implemented each have a unique 5 r A mcthod of sccur ' ing the secured k ^ defined in 

authorisation method identifier. daim 6 wnerejn the secured key is by {h& Qf . 

Numerous other embodiments may be envisaged without providing user amhcmicalion information; 

departing trom the spirit and scope of the invention. , . . c , . . 

What is claimed is- deriving from the user authentication information a third 

ii* • • * i ,m cryptographic key; and, 

1. In a system comprising a cryptographic key encrypted 

and stored in a key data file and a secured key for decrypting decrypting the secured key using the third cryptographic 

the cryptographic key wherein the secured key is stored in key ' 

a secured fashion, a method of securing the secured key , 8 ' A ™ ih t od of secunn fi the secured ke ? as defined in 

comprising the steps of: „ claim wherein the encr yP ted cryptographic key, the 

]i secured key and the stored data are stored in a same 

a) accessing stored data associated with the secured key, electronic file 

the data indicative of an access method from a plurality 9 A method of securing the secured key as defined in 

of access methods for accessing the secured key on a claim x comprising the st of: ^ a method ff0m the 

first computer; , r . e , , * . 6 

... plurality or methods for securing the secured key; securing 

b) executing the indicated access method to access the *> ^ sgcured key accQrding tQ the accefis method; 

secured key, and ^ stor j ng data associated with the twice -secured key, the 

c) selecting a method from the plurality of methods for data indicative of the selected access method. 

securing the accessed secured keys the method selected i 0 . A method of securing the secured key as defined in 

to provide for access to the key data file on a second ^ daim ly where i n me steps (a), (b), (d), and (e) are performed 

other computer; - aulomatically and wherein steps ( b ) and ( d ) require infor . 

d) securing the accessed secured key according to the mation provided by an individual. 

selected access method; and, U. A method of securing the secured key as defined in 

e) storing data associated with the secured key, the data claim 1, wherein the step (b) comprises the step of; 
indicative ,of the selected I access method. 30 prompting for provision of authorisation information 

2. A method of secunng the secured key as defined in according to the access method; and the step (d) 
claim 1 wherein the plurality of access methods are methods comprises the steps of: 

of authenticating a user. prompting for provision of authorisation information 

3. A method of secunng the secured key as defined in according to the selected authorisation method, 
claim 2 wherein the steps (a), (b), (d), and (e) are performed 35 n. A method of accessing a secured cryptographic key 
by at least a processor in a computer system and wherein comprising the steps of: 

each of the plurality of access methods is available for a ) accessing data associated with the secured crypto- 

execution by the at least a processor. graphic key to determine an authorisation method nec- 

4. A method of securing the secured key as defined in 40 essary to access the secured cryptographic key; 
claim 2 wherein the methods of authenticating a user include b) providing user authorisation information; 
password based user authentication and biometric user c ) executing the determined authorisation method to 
authentication. access the secured cryptographic key based on the user 

5. A method of securing the secured key as defined in authorisation information provided. 

claim 4 wherein the biometric user authentication is finger- 45 13. Amethod of accessing a secured cryptographic key as 

print authentication. defined in claim 12, comprising the step of: 

6. In a system comprising a cryptographic key encrypted prompting for provision of authorisation information 
and stored in a key data file and a secured key for decrypting according to the indicated access method. 

the cryptographic key wherein the secured key is stored in 14 A method of accessing a secured cryptographic key 

a secured fashion, a method of securing the secured key 5 ° com P risin S the steps of: 

comprising the steps of: a ) acc essing data associated with the secured crypto- 

x . , , , • . j • i. * L * graphic key to determine an authorisation method nec- 

a) accessmg stored data assocated with the secured key, (0 access Ihe secured cryptographic key; 
the data indicative of an access method from a plurality ... ... & r " 

of access methods for accessing the secured key; 55 b > P r0Vldin S ^ authonsation information; 

b) executing the indicated access method to access the c) execm | n S the determined authorisation method to 
secured key; access the secured cryptographic key based on the user 

... * t * r . i authorisation information provided; 

c) selecting a method from the plurality of methods for . , , . 

securing the accessed secured key; wherein the sle P < c > com P rises the step of: 

d) securing the accessed secured key according to the <° ^Z?^ 

selected access method; t0graph,C ^ determined from the P rovid ^ autho- 

nsation information. 

e) storing data associated with the secured ken the data 15. A method of accessing a secured cryptographic key as 
indicative of the selected access method; dcfincd in claim u , wherein the secured cryptographic key 

wherein the accessed secured key is secured by the steps 65 is a secured key for securing a further cryptographic key. 

°* : 16. A method of securing portable key data including 

providing user authentication information; encryption key information comprising the steps of: 
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a) selecting a first authorisation process from a plurality of 
authorisation processes for securing the portable key 
data; 

b) authenticating access to the secured portable key data 
according to a different authorisation process, remov- 5 
ing the security from the portable key data, and imple- 
menting security of the portable key data according to 
the first authorisation process. 

17. A method of securing portable key data including 
encrypt; on key information as defined in claim 16 com- 10 
prising the steps of 
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determining if the secured portable key data is secured 
using the first authorisation process; 

when the secured portable key data is secured using the 
first authorisation process duplicating the secured por- 
table key data; 

wherein the step (b) is only executed when the secured 
portable key data is secured using an authorisation 
process different from the first authorisation process. 

***** 
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UNITED STATES PATENT AND TRADEMARK OFFICE 

CERTIFICATE OF CORRECTION 

PATENT NO. : 6,052,468 Page 1 of 2 

DATED : A P ril 18 ' 2000 

INVENTOR(S) ; Hillhouse 

It Is certified that error appears in the above-identified patent and thai said Letters Patent is hereby 
corrected as shown below: 



In column 1, line 64, the expression "find devices" should read -and devices-; 
In column 3, line 33, the expression "location" should read -location-; 
In column 4, line 37, the expression "farther" should read -further-; 
In column 5, line 55, the expression "he secured" should read -the secured-; 
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UNITED STATES PATENT AND TRADEMARK OFFICE 

CERTIFICATE OF CORRECTION 

PATENT NO. : 6,052,468 Page 2 of 2 

DATED April 18, 2000 

INVENTOR(S) : Hillhouse 

it is certified thai error appears in the above-indentified patent and that said Letters Patent is hereby 
corrected as shown below: 



In column 7, line 19, the expression "be securing" should read -by securing--; 
In column 8, line 54, the expression "of tines" should read -of times-; 
In claim 1, line 24, the expression "secured keys" should read -secured key-; 
In claim 6, line 63, the expression "secured ken" should read -secured key,-; and 
In claim 16, line 10, the expression "encrypt; on" should read -encryption-. 



Signed and Sealed this 
Twenty-ninth Day of May, 2001 

Attest: *%<e&&() Ps&d&ZC 

NICHOLAS P. CODICI 

Attesting Officer Acting Director of (he United States Patent and Trademark Office 
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